Error while revoking the certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: soxgp.popi.io

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:

An error occurred revoking certificates with Let's Encrypt:

2022/05/03 11:26:54 Trying to revoke certificate for domain soxgp.popi.io
2022/05/03 11:26:55 Error while revoking the certificate for domain
soxgp.popi.io
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired

The problem is caused by my inclusion of the domain "soxgp.bitnamiapp.com" together with "soxgp.popi.io". The domain bitnamiapp.com no longer exists.

My web server is (include version): Apache 2.4.46

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

No. The problem is this:

And the (last) certificate indeed expired on April 6th. Today is May 3rd. crt.sh | soxgp.popi.io

I don't know why would you want to revoke an expired certificate. If you need a new certificate, get a new certificate and don't mess with old ones.

4 Likes

To add to @9peppe's excellent response, revoking a cert should be an extremely rare thing. If you don't want to use a cert, just delete it, but the only reason you should revoke it is if you believe its corresponding private key has been compromised.

4 Likes

It’s the automated process being executed that offers the option to use the existing certificate or revoke it (Y or N). So there is a certificate.

But, it reports an error if you select β€œY” (to use the existing certificate) as the existing certificate includes a domain that no longer exists.

The only other option offered is β€œN”. The response also an error - the certificate has expired.

Since both choices result in an error, is there a solution?

~WRD000.jpg

Yes, read this page. Towards the end there should be the solution you're looking for:

https://docs.bitnami.com/aws/how-to/understand-bncert/

3 Likes

I followed Approach B and have the same result.

A certificate was found at /opt/bitnami/letsencrypt/certificates/soxgp.popi.io.crt

It is registered for a different set of domains: soxgp.bitnamiapp.com soxgp.popi.io.

Do you want to disable/revoke the existing certificate and create a new one? [y/N]:

N gives an error

Y gives the following:

2022/05/03 14:12:14 Error while revoking the certificate for domain

soxgp.popi.io

acme: error: 403 :: POST ::

https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::

urn:ietf:params:acme:error:unauthorized :: Certificate is expired

~WRD000.jpg

Follow the " Resetting the certificates" section :wink:

3 Likes

Thank you. This worked.

~WRD000.jpg

4 Likes